apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: {{ nginx_replicas }}
  template:
    metadata:
      labels:
        app: nginx
        appCluster: nginx-cluster
    spec:
      tolerations:
      - key: "kubernetes.io/arch"
        operator: "Equal"
        value: "arm64"
        effect: "NoSchedule"
      {% if runtime_class_name %}runtimeClassName: {{ runtime_class_name }}{% endif %}
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: pkb_nodepool
                operator: In
                values:
                - nginx
        podAntiAffinity:
          # Schedule 1 Nginx pod per node
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: app
                operator: In
                values:
                - nginx
            topologyKey: kubernetes.io/hostname
      containers:
      - name: nginx
        image: {{ nginx_image }}
        imagePullPolicy: Always
        ports:
        - containerPort: {{ nginx_port }}
        volumeMounts:
        - name: config-volume
          mountPath: /etc/nginx/sites-enabled/default
          subPath: default
        command:
          - /bin/bash
          - -c
        args:
          - |
            mkdir -p /var/www/html
            dd bs=1 count={{ nginx_content_size }} if=/dev/urandom of=/var/www/html/random_content
            mkdir -p /etc/nginx/ssl
            openssl req -x509 -nodes -days 365 -newkey ec -subj "/CN=localhost" -pkeyopt ec_paramgen_curve:secp384r1 -keyout /etc/nginx/ssl/ecdsa.key -out /etc/nginx/ssl/ecdsa.crt
            sed -i 's|worker_connections .*|worker_connections {{ nginx_worker_connections }};|g' /etc/nginx/nginx.conf
            sed -i 's|\(\s*\)keepalive_timeout .*|\1keepalive_timeout 75;\n\1keepalive_requests 1000000000;|g' /etc/nginx/nginx.conf
            nginx -g 'daemon off;'
      volumes:
      - name: config-volume
        configMap:
          name: default-config
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-cluster
spec:
  ports:
  - name: nginx-port
    port: {{ nginx_port }}
    protocol: TCP
    targetPort: {{ nginx_port }}
  selector:
    app: nginx
    appCluster: nginx-cluster
  type: ClusterIP
